280

I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as.

I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though.

So, my question is (are):

  • how do I find out what the default user is
  • do I need to change the default user
  • if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up?

Thanks!

eikonomega
  • 15
    why has this question been downvoted? Yes, it's been updated as it has been answered elsewhere, but I see no need to down vote? It's a perfectly good question? Perhaps our down voter would care to add a constructive comment regarding this? – Bryan Mar 24 '10 at 16:44
  • 2
    You might want to post that update as an answer, and accept it, as you are currently in the Unanswered queue. – Fahad Sadah Apr 05 '10 at 09:40
  • 11
    +1 for being told off on StackOverflow; some users seem insistent on running off new users – wruckie Jun 07 '14 at 18:35
  • Linked question does not exist any more – pal4life Aug 11 '14 at 22:28
  • The next question: what to do because it's one of two users, like `root` and `www-data`. How do you give the "right" Apache group a permission to access something? –  May 12 '15 at 21:38
  • The answers to this question are, for the most part, bizarre. Most of them just give an incomplete list of common users and suggest running `ps` to find which one (or more!) of them is running anything, irrespective of whether that user actually *is* Apache. Just do the obvious thing - `apachectl -S`, as suggested in 2 answers. – EML Jan 22 '22 at 11:57

15 Answers

290

`ps aux | egrep '(apache|httpd)'` typically will show what apache is running as.

Usually you do not need to change the default user, "nobody" or "apache" are typically fine users. As long as it's not "root" ;)

edit: more accurate command for catching apache binaries too

Jasper Kennis
grufftech
  • 61
    Yup, or it'll be www-data on Ubuntu. – gravyface Apr 19 '10 at 23:55
  • 12
    ...and Debian. :) – cubuspl42 Jan 28 '14 at 13:07
  • 14
    That command shows me a list of things, most from `apache` but 1 from `root` too. – User Mar 01 '15 at 03:40
  • lampp runs httpd as daemon user – Jekis Jul 05 '15 at 17:53
  • @GruffTech, What about Windows Server? – Pacerier Apr 15 '16 at 14:14
  • 7
    I have 3 processes (`/usr/sbin/apache2 -k start`), one's user is `root` and the other two `www-data`. Should I be concerned? – zundi Feb 22 '17 at 18:33
  • 11
    @zundi, the service starts as root in order to do things like bind to reserved ports (e.g. 80 and 443). Then it starts whatever the configured number of processes are, to do the web-server work, and any other tasks, as the defined users. That way requests are being handled by non-privileged processes. You will notice that the parent ID (PPID) is the same for all of the other processes. That ID will be the PID for that one process running as root. – Kevin Aug 15 '17 at 18:52
  • 3
    That solution is fine, just be aware that it will also list "root" and the user who is running this command. To avoid this you can add " | grep -v `whoami` | grep -v root" to this command like nowthatsamatt answered below. – Tobias Gaertner Jul 16 '18 at 11:37
  • 1
    If you get a list or you have doubts better check @nowthatsamatt answer. – Leandro Bardelli Apr 29 '22 at 22:44
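
Added example, not part of any answer or comment above: the master/worker relationship Kevin describes in the comments can be used to pick out Apache's worker account without also matching unrelated processes such as `grep apache`. The function name `apache_worker_users` and the sample `ps` lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: identify Apache worker accounts by parent/child relationship.
# Input: lines of "USER PID PPID COMMAND", as printed by
#   ps -A -o user= -o pid= -o ppid= -o comm=
# Output: each distinct user owning an Apache process whose parent is also an
# Apache process (the workers), one per line. The master itself, and unrelated
# processes that merely mention "apache", are not reported.
apache_worker_users() {
    awk '
        # Reduce a full path to its last component before comparing names.
        { name = $4; sub(/.*\//, "", name) }
        name ~ /^(httpd|apache2?)$/ { user[$2] = $1; parent[$2] = $3 }
        END {
            for (pid in user)
                if ((parent[pid] in user) && !seen[user[pid]]++)
                    print user[pid]
        }
    ' | LC_ALL=C sort
}

# Constructed sample input (not captured from a real host).
SAMPLE_PS='root      21058     1 httpd
www-data  21111 21058 httpd
www-data  24915 21058 httpd
alice     30001 29000 grep
apache    30500     1 backup.sh'

printf '%s\n' "$SAMPLE_PS" | apache_worker_users
```

On a live host, pipe the `ps` command from the header comment into the function instead of the sample.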
67

You can try the following command:

ps -ef | egrep '(httpd|apache2|apache)' | grep -v `whoami` | grep -v root | head -n1 | awk '{print $1}'
Operator
nowthatsamatt
54

Use `apachectl -S`, which will show the Apache user and group, something like this:

User: name="_www" id=70
Group: name="_www" id=70
Pang
Kyaw
  • 2
    Thanks, on my mac i see that apache is running as '_www'. – Mercury Oct 19 '16 at 14:01
  • 4
    This is a good answer, because it is the one command that tells you a lot more about your running web server and presents it in a comprehensive way. – kontur Sep 05 '19 at 08:08
  • Oddly, on the Mac, although it shows as '_www', you use 'www' without the underscore for various commands (notably chown). By the way, this varies according to version of macOS/Apache/Apache package. It's '_www' on my macOS Big Sur with Apache 2.4.38 from MacPorts. It used to be 'staff' on older builds, and I think it's different if you use Homebrew. – xgretsch Oct 05 '21 at 15:51
15

According to ubuntuforums.org, on Ubuntu the default user for apache2 is www-data.

Seen to be true on Ubuntu 13.10 Saucy.


From Lars Noodén on the above forum.

To be sure what [the user] is really set to, check the actual configuration files. The umbrella file, apache2.conf will have something like the following,

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

That is a reference to environment variables set in /etc/apache2/envvars. mod_suexec also allows scripts to be run as yet a different user and group.

To find any virtual hosts, which may use alternate users, groups, or both, check the configurations.

$ egrep "^User|^Group|^SuexecUserGroup" /etc/apache2/apache2.conf /etc/apache2/sites-available/*.conf

For Red Hat based distributions it would be (the user running httpd is usually apache):

$ egrep "^User|^Group|^SuexecUserGroup" /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf
Kevin
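
Added example, not from the answer above or the forum post it quotes: a shell function that reads the `User` directive and, when it is a `${APACHE_RUN_USER}`-style reference, looks the value up in the envvars file as text instead of sourcing it. The function name `apache_config_user` and the sample files are constructed; on a real host pass the paths given in the answer.

```bash
#!/bin/sh
# Added example. Resolve the global "User" directive of an Apache config file,
# following a ${VAR} reference into an envvars file.
# Usage: apache_config_user CONF [ENVVARS]
# Exit status: 1 = no User value found, 2 = reference could not be resolved.
apache_config_user() {
    conf=$1
    envvars=${2:-}
    # Directive names are case-insensitive; the last "User" line wins.
    value=$(awk 'tolower($1) == "user" { v = $2 } END { print v }' "$conf")
    [ -n "$value" ] || return 1
    case $value in
        '${'*'}')
            name=${value#??}      # drop the leading "${"
            name=${name%?}        # drop the trailing "}"
            case $name in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
            [ -r "$envvars" ] || return 2
            # Read "export NAME=value" as text; nothing in the file is executed.
            value=$(awk -v n="$name" '
                { sub(/^[ \t]*(export[ \t]+)?/, "") }
                index($0, n "=") == 1 { v = substr($0, length(n) + 2) }
                END { gsub(/^"|"$/, "", v); print v }' "$envvars")
            ;;
    esac
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Constructed sample files in the Debian/Ubuntu layout described above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/apache2.conf" <<'EOF'
ServerRoot "/etc/apache2"
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
EOF
cat > "$demo_dir/envvars" <<'EOF'
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
EOF
apache_config_user "$demo_dir/apache2.conf" "$demo_dir/envvars"
rm -rf "$demo_dir"
```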
12

I know that this is an old post, but it is still listed as unanswered, so I will make a suggestion. If you can't find which user or group Apache is running as, perhaps try opening the httpd.conf file. There should be an entry there for "User" and "Group". Not only can you see which user Apache is supposed to be running as, but you can change it if you feel the need to do so.

kainosnous
11

You can include a line of code in your PHP script:

echo exec('whoami');
splattne
JG Estiot
  • 8
    Watch out here, this shows the user that PHP runs under, not the Apache user. If using mod_php these are the same but if, as is now very common, you're using something else (like php_fpm) they can easily be different. – benz001 Jul 31 '14 at 02:29
5

This code will - more or less - alphabetically list all the non-root users running processes containing apache (or whose name contains apache)

ps aux | grep -v root | grep apache | cut -d\  -f1 | sort | uniq
mwfearnley
user163193
  • 1
    The list will probably include users who are running processes like 'grep apache', such as your fine self. – mwfearnley Jul 15 '16 at 13:58
4
  • To find out the user, you can simply use ps aux | grep apache while it is running.
  • You don't need to, but if Apache is running as root there are security issues.
  • Thirdly, changing the user of Apache will change its rights to access some directories. You need to make sure that /var/www (or wherever you have your websites) is accessible to the new user and group.
  • On the systems I have looked at, apache was always installed using apache:apache (or similar) as user and group, so it should probably already be set like that.

NOTE: This is the same answer I gave on Stackoverflow.

Kjir
3

Or you can check the apache configuration file and look for the owner & group.

AliGibbs
3

An alternative approach, at least for Debian/Ubuntu-based distros, is to use the same method Apache does to set its user and group: source /etc/apache2/envvars!

$ echo "$(source /etc/apache2/envvars && echo "$APACHE_RUN_GROUP")"
www-data

If you want to get fancy, you can suppress errors if the file is not found, and provide a default value:

$ apacheuser=$(
     source /fail/etc/apache2/envvars 2>/dev/null &&
     echo "$APACHE_RUN_GROUP" ||
     echo nobody  
)
$ echo "$apacheuser"
nobody
MestreLion
2

As suggested by Noyo here:

APACHE_USER=$(ps axho user,comm|grep -E "httpd|apache"|uniq|grep -v "root"|awk 'END {if ($1) print $1}')

And then:

echo $APACHE_USER
kenorb
2

I found most of the solutions offered here are system- or configuration-specific (in particular, most of the solutions do not work at all on macOS) and a few rely on the user knowing where Apache's configuration files are in the first place...

So I cheat a bit and let Apache itself tell me what's what.

The simple command apachectl -S will tell you what you need to know about a running instance of Apache, and its results can be parsed fairly easily. Here's my solution, which I use at the top of a few bash scripts to determine a variety of things I might need at any given time...

# Store the results so we don't have to keep calling apachectl...
astatus=`apachectl -S`

# Now grab whatever you want from the result... 
HTTPD_ROOT_DIR=$(expr "`echo "$astatus" | grep ServerRoot`" : ".*\"\(.*\)\".*")
HTTPD_DOC_DIR=$(expr "`echo "$astatus" | grep \"Main DocumentRoot\" `" : ".*\"\(.*\)\".*")
HTTPD_USER=$(expr "`echo "$astatus" | grep \"User:.*name=\" `" : ".*\"\(.*\)\".*")
HTTPD_GROUP=$(expr "`echo "$astatus" | grep \"Group:.*name=\" `" : ".*\"\(.*\)\".*")

These values can then be used as such:

echo "$HTTPD_ROOT_DIR"  # /etc/httpd
echo "$HTTPD_DOC_DIR"   # /var/www
echo "$HTTPD_USER"      # www-data
echo "$HTTPD_GROUP"     # www-data
Paul Gregory
Mike Fahy
  • You can use the operator `<<<` to pass a string as stdin to a process: `grep b <<<$'a\nb\nc\n'` – ceving Jan 21 '20 at 14:33
1

Use lsof and pass the port Apache is listening on as an argument. See the USER column for the user Apache is running as.

# lsof -i :80
COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd     21058   root    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
httpd     21111 www-data    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
httpd     24915 www-data    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
David Okwii
0

I found this command in CakePHP docs.

HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1`

Now HTTPDUSER holds the username of the user who runs the server, echo $HTTPDUSER in my case outputs www-data –using rlerdorf/php7dev.

Nabil Kadimi
0

This is what I use right now:

apachectl -t -D DUMP_RUN_CFG 2>/dev/null |
sed -n '/^User/s/.*name="\([^"]*\)".*/\1/p'
ceving